diff --git a/src/bin/gman/cli.rs b/src/bin/gman/cli.rs
index 563d2df..b21c1b3 100644
--- a/src/bin/gman/cli.rs
+++ b/src/bin/gman/cli.rs
@@ -1,8 +1,8 @@
 use crate::command::preview_command;
-use anyhow::{Context, Result, anyhow};
+use anyhow::{anyhow, Context, Result};
 use clap_complete::CompletionCandidate;
 use futures::future::join_all;
-use gman::config::{Config, RunConfig, load_config};
+use gman::config::{load_config, Config, RunConfig};
 use log::{debug, error};
 use regex::Regex;
 use std::collections::HashMap;
diff --git a/src/bin/gman/utils.rs b/src/bin/gman/utils.rs
index 587f016..9172159 100644
--- a/src/bin/gman/utils.rs
+++ b/src/bin/gman/utils.rs
@@ -1,5 +1,5 @@
 use anyhow::{Context, Result};
-use gman::config::{Config, get_config_file_path};
+use gman::config::{get_config_file_path, Config};
 use log::LevelFilter;
 use log4rs::append::console::ConsoleAppender;
 use log4rs::append::file::FileAppender;
diff --git a/src/lib.rs b/src/lib.rs
index 8d70f62..af50e8b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -61,7 +61,7 @@ fn derive_key(password: &SecretString, salt: &[u8]) -> Result {
 .hash_password_into(password.expose_secret().as_bytes(), salt, &mut key_bytes)
 .map_err(|e| anyhow!("argon2 into error: {:?}", e))?;
- let key = *Key::from_slice(&key_bytes);
+ let key: Key = key_bytes.into();
 key_bytes.zeroize();
 Ok(key)
 }
@@ -93,11 +93,11 @@ pub fn encrypt_string(password: impl Into, plaintext: &str) -> Res
 let aad = format!("{};{}", HEADER, VERSION);
- let nonce = XNonce::from_slice(&nonce_bytes);
+ let nonce: XNonce = nonce_bytes.into();
 let mut pt = plaintext.as_bytes().to_vec();
 let ct = cipher
 .encrypt(
- nonce,
+ &nonce,
 chacha20poly1305::aead::Payload {
 msg: &pt,
 aad: aad.as_bytes(),
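Review bot: In `derive_key`, `key_bytes.zeroize()` is skipped when `hash_password_into` fails, because the `?` on the `map_err` line returns first, and on success it clears only the local buffer while `key_bytes.into()` has already copied the bytes into the returned `key`. Holding the buffer in `zeroize::Zeroizing` where it is declared (above this hunk) would cover the error path without relying on statement order. For the returned copy, a comment such as `// key is a copy of key_bytes; the caller must wipe it once the cipher is built` would record what this wipe does not cover; whether `Key` clears itself on drop is not visible here. The same applies to `derive_key_with_params` in src/providers/local.rs.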
@@ -179,7 +179,7 @@ pub fn decrypt_string(password: impl Into, envelope: &str) -> Resu
 let ct_b64 = parts[6].strip_prefix("ct=").context("missing ct")?;
 let salt_bytes = B64.decode(salt_b64).context("bad salt b64")?;
- let mut nonce_bytes = B64.decode(nonce_b64).context("bad nonce b64")?;
+ let nonce_bytes = B64.decode(nonce_b64).context("bad nonce b64")?;
 let mut ct = B64.decode(ct_b64).context("bad ct b64")?;
 if nonce_bytes.len() != NONCE_LEN {
@@ -191,10 +191,11 @@ pub fn decrypt_string(password: impl Into, envelope: &str) -> Resu
 let cipher = XChaCha20Poly1305::new(&key);
 let aad = format!("{};{}", HEADER, VERSION);
- let nonce = XNonce::from_slice(&nonce_bytes);
+ let mut nonce_arr: [u8; NONCE_LEN] = nonce_bytes.try_into().map_err(|_| anyhow!("invalid nonce length"))?;
+ let nonce: XNonce = nonce_arr.into();
 let pt = cipher
 .decrypt(
- nonce,
+ &nonce,
 chacha20poly1305::aead::Payload {
 msg: &ct,
 aad: aad.as_bytes(),
@@ -202,7 +203,7 @@ pub fn decrypt_string(password: impl Into, envelope: &str) -> Resu
 )
 .map_err(|_| anyhow!("decryption failed (wrong password or corrupted data)"))?;
- nonce_bytes.zeroize();
+ nonce_arr.zeroize();
 ct.zeroize();
 let s = String::from_utf8(pt).context("plaintext not valid UTF-8")?;
diff --git a/src/providers/local.rs b/src/providers/local.rs
index ad2b89e..45f69b2 100644
--- a/src/providers/local.rs
+++ b/src/providers/local.rs
@@ -382,11 +382,11 @@ fn encrypt_string(password: &SecretString, plaintext: &str) -> Result {
 let cipher = XChaCha20Poly1305::new(&key);
 let aad = format!("{};{}", HEADER, VERSION);
- let nonce = XNonce::from_slice(&nonce_bytes);
+ let nonce: XNonce = nonce_bytes.into();
 let mut pt = plaintext.as_bytes().to_vec();
 let ct = cipher
 .encrypt(
- nonce,
+ &nonce,
 chacha20poly1305::aead::Payload {
 msg: &pt,
 aad: aad.as_bytes(),
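Review bot: In `decrypt_string` (hunks at -191 and -202), `nonce_arr.zeroize()` clears one of three copies of a value that is stored in clear in the envelope: `nonce_bytes.try_into()` consumes the Vec and drops its buffer unwiped, and `nonce` is a further copy. The buffer that is sensitive is `pt`: on invalid UTF-8, `String::from_utf8(pt)` moves the decrypted bytes into the `FromUtf8Error` that `.context(...)` propagates, so they leave the function unwiped. Replacing that line with `let s = String::from_utf8(pt).map_err(|e| { let mut b = e.into_bytes(); b.zeroize(); anyhow!("plaintext not valid UTF-8") })?;` keeps the message and clears the bytes. On the nonce line, a comment such as `// nonce is public; the wipe is for uniformity only` would stop readers treating it as secret handling. `decrypt_string` in src/providers/local.rs has the same shape; in both files the function starts and ends outside these hunks.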
@@ -429,9 +429,9 @@ fn derive_key_with_params(
 argon
 .hash_password_into(password.expose_secret().as_bytes(), salt, &mut key_bytes)
 .map_err(|e| anyhow!("argon2 derive error: {:?}", e))?;
+ let key: Key = key_bytes.into();
 key_bytes.zeroize();
- let key = Key::from_slice(&key_bytes);
- Ok(*key)
+ Ok(key)
 }
 fn derive_key(password: &SecretString, salt: &[u8]) -> Result {
@@ -481,7 +481,7 @@ fn decrypt_string(password: &SecretString, envelope: &str) -> Result {
 let ct_b64 = parts[6].strip_prefix("ct=").with_context(|| "missing ct")?;
 let mut salt = B64.decode(salt_b64).with_context(|| "bad salt b64")?;
- let mut nonce_bytes = B64.decode(nonce_b64).with_context(|| "bad nonce b64")?;
+ let nonce_bytes = B64.decode(nonce_b64).with_context(|| "bad nonce b64")?;
 let mut ct = B64.decode(ct_b64).with_context(|| "bad ct b64")?;
 if salt.len() != SALT_LEN || nonce_bytes.len() != NONCE_LEN {
@@ -496,11 +496,12 @@ fn decrypt_string(password: &SecretString, envelope: &str) -> Result {
 let key = derive_key_with_params(password, &salt, m, t, p)?;
 let cipher = XChaCha20Poly1305::new(&key);
 let aad = format!("{};{}", HEADER, VERSION);
- let nonce = XNonce::from_slice(&nonce_bytes);
+ let mut nonce_arr: [u8; NONCE_LEN] = nonce_bytes.try_into().map_err(|_| anyhow!("invalid nonce length"))?;
+ let nonce: XNonce = nonce_arr.into();
 let pt = cipher
 .decrypt(
- nonce,
+ &nonce,
 chacha20poly1305::aead::Payload {
 msg: &ct,
 aad: aad.as_bytes(),
@@ -509,7 +510,7 @@ fn decrypt_string(password: &SecretString, envelope: &str) -> Result {
 .map_err(|_| anyhow!("decryption failed (wrong password or corrupted data)"))?;
 salt.zeroize();
- nonce_bytes.zeroize();
+ nonce_arr.zeroize();
 ct.zeroize();
 let s = String::from_utf8(pt).with_context(|| "plaintext not valid UTF-8")?;
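Review bot: The reordering in `derive_key_with_params` changes the key this provider produces, and nothing in the visible hunks handles data written before it. The removed lines called `key_bytes.zeroize()` before `Key::from_slice(&key_bytes)` read the buffer, so as far as they show the old function returned an all-zero key whatever the password. If encryption also went through this function (the body of `derive_key` is outside the hunk), existing envelopes were sealed under a constant key; they will no longer decrypt with the correctly derived one and should be treated as unprotected and re-encrypted, with a `VERSION` change or a documented migration to tell the two apart. A comment on the new line, `// copy out before zeroize: wiping first returns an all-zero key`, and a test asserting the derived key is not all zeros for a fixed password and salt would keep the ordering from regressing.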